Blog An All-Angles Approach to Ransomware
By Chris Kapusta / 28 Jul 2021
By Chris Kapusta / 28 Jul 2021
Picture this: A cybercriminal finds an entry point into your organization. But it’s not a smash-and-grab attack. They linger there. For six to nine months, they study your environment in the shadows, learning how to compromise your storage environment, your backups, your data protection — before dropping a massive ransomware bomb on your organization. At that point, paying up becomes your only viable option.
This multilayered approach from cybercriminals is becoming commonplace. It’s time a multilayered approach to ransomware defense becomes the standard, too.
A traditional approach to ransomware defense is often focused on keeping the bad actors out: endpoint security, email security and training users not to click on malicious links or open unknown documents. Prevention will always be critical. But there are two things I’m seeing more and more when talking to clients:
It’s time to rethink the way organizations restore and recover data in multiple areas. Following the traditional three-two-one principles is still important — three copies, on two different mediums, one of them off-site. But we need to start driving innovation around Mean Time to Restore (MTTR) capabilities.
If an entire environment needs to be restored, what does that look like from a process standpoint? For instance, we've always considered the data protection environments to have the cheap and deep storage. But we're starting to see Flash be prevalent in those environments. Why? Because Flash decreases MTTR.
Testing disaster scenarios on a broader scale is something teams need to start thinking about as well. When we talk data protection in the traditional sense, we talk about restoring files and folders — how quickly can I get someone an Excel spreadsheet back, maybe in a system or two? But in this case, we're talking restoring whole environments, or even an entire business. It’s not a conversation that we as an industry have been invested in until very recently.
In that same vein, we're seeing an increasing call for data protection environments to leverage immutable storage, to harden backup repositories. Yes, immutable storage is the nuclear option. But with the threat landscape as dangerous as it is, the new approach to ransomware defense needs to cover the entire spectrum of action. That means pursuing innovation across everything — preventing, detecting and recovering.
Here are my three biggest takeaways as you pursue excellence across your ransomware defense strategy:
If you’re interested in learning how Insight can support your organization, get in touch with an Insight expert. From evaluation to design to implementation, we can help create an end-to-end strategy that keeps your data safe from ransomware.
Sources:
1 Morgan, S. (2019, Oct. 21). Global Ransomware Damage Costs Predicted To Reach $20 Billion (USD) By 2021. Cybersecurity Ventures.